Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/oKYbJL_JQNVFNhNMM1cZ99NC6DM.roa
File:                     oKYbJL_JQNVFNhNMM1cZ99NC6DM.roa (raw, json)
Hash identifier:          yozFAJCshsmsq9xsiRy0WeXk6ZtGaHpZhKg2pW7bmWA=
Subject key identifier:   A0:A6:1B:24:BF:C9:40:D5:45:36:13:4C:33:57:19:F7:D3:42:E8:33
Certificate issuer:       /CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
Certificate serial:       018CC9BC02EA86C373E244C7729FEBDA101B
Authority key identifier: EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/oKYbJL_JQNVFNhNMM1cZ99NC6DM.roa
Signing time:             Tue 02 Jan 2024 10:33:10 +0000
ROA not before:           Tue 02 Jan 2024 10:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42459
IP address blocks:        212.45.67.0/24 maxlen: 24
                          212.45.65.0/24 maxlen: 24
                          212.45.72.0/21 maxlen: 24
                          79.134.48.0/20 maxlen: 32
                          79.134.56.0/21 maxlen: 24
                          193.32.4.0/23 maxlen: 23
                          193.32.0.0/23 maxlen: 23
                          212.45.64.0/20 maxlen: 32
                          212.45.64.0/21 maxlen: 24
                          2a02:2660::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:02:ea:86:c3:73:e2:44:c7:72:9f:eb:da:10:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
        Validity
            Not Before: Jan  2 10:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0a61b24bfc940d54536134c335719f7d342e833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:3b:82:a2:5c:46:19:54:34:bc:99:3d:bd:
                    6f:e6:8f:db:e3:d8:a3:2d:f0:fa:5c:34:50:e4:00:
                    e4:77:dd:fc:22:72:a7:93:a6:14:20:11:c8:e6:8f:
                    07:cd:5c:05:83:01:92:93:b3:f2:86:4a:23:ef:49:
                    1b:1f:e6:dc:03:b1:92:cf:c1:91:bc:49:da:89:86:
                    1b:0b:92:45:7d:0d:12:28:4c:9e:51:f1:e1:00:32:
                    d7:dc:35:bd:02:bd:5c:f7:61:77:44:a3:db:be:60:
                    4a:ec:04:31:3e:0a:94:a7:81:06:af:eb:6d:11:c3:
                    b3:b9:61:ec:0a:93:00:4d:2f:f4:8d:2a:c0:a7:78:
                    36:df:18:a0:ef:23:af:37:48:ec:ed:66:ee:56:95:
                    bf:ee:93:44:8c:77:61:6e:71:1a:5d:02:d8:48:1b:
                    9c:41:72:c4:72:f9:0e:04:53:ad:e5:8b:11:4f:f7:
                    8e:d4:b7:8f:d2:c6:43:55:e6:6f:94:6d:0c:c1:b3:
                    7b:7d:af:9e:d6:35:0a:00:60:d5:94:ce:05:a2:fd:
                    7e:19:e7:df:e1:d1:c0:44:05:f2:76:5f:7f:08:f1:
                    29:29:90:d7:09:c8:59:1a:47:86:c4:25:3e:8e:a8:
                    9f:ac:14:42:a8:a3:a1:a4:35:83:c9:ad:97:6f:ee:
                    13:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A6:1B:24:BF:C9:40:D5:45:36:13:4C:33:57:19:F7:D3:42:E8:33
            X509v3 Authority Key Identifier:
                keyid:EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/oKYbJL_JQNVFNhNMM1cZ99NC6DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.134.48.0/20
                  193.32.0.0/23
                  193.32.4.0/23
                  212.45.64.0/20
                IPv6:
                  2a02:2660::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:35:59:c5:8b:84:e2:97:29:49:c0:20:d9:67:46:b8:a0:1e:
         7f:30:d2:2a:37:30:99:9f:6b:23:88:c0:88:9c:a0:23:ce:d6:
         2b:0a:9c:7a:46:54:9e:32:70:e4:31:81:96:8e:4a:93:2f:b6:
         bf:4a:72:7e:2f:3d:e6:40:96:d6:a1:42:2e:00:d8:32:32:f6:
         32:b6:a7:20:89:1b:47:9c:1c:dd:50:80:49:63:fa:6f:d2:a0:
         2f:81:27:9f:7a:15:cf:83:cc:a1:f8:ee:d9:b8:d8:24:78:2d:
         3a:b7:b5:59:6b:e4:1e:e3:e4:95:4d:19:6b:69:0b:04:de:11:
         60:21:4e:ab:57:41:e9:12:d9:b2:3e:52:95:98:c4:27:0b:01:
         41:4f:5b:e5:fd:7a:58:c0:ba:4e:1a:be:59:53:d9:29:a3:db:
         d1:58:10:06:d5:d5:9b:b5:05:13:a5:a1:1d:b1:d7:0d:43:81:
         be:5f:a7:0e:b1:88:20:02:85:dc:53:10:45:92:1d:84:01:b2:
         07:63:df:e4:aa:12:cd:f3:90:3d:4d:87:d7:a1:e1:68:7d:a0:
         20:a8:b6:0b:a8:ce:0e:e2:41:4f:88:98:38:95:71:ba:86:21:
         c0:11:96:01:6c:0e:99:89:ab:84:00:08:e9:b9:b8:01:44:05:
         09:22:cd:9c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJvALqhsNz4kTHcp/r2hAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYmMwZDYwYmQzYTkwYmQ1ZTMxNTA5ZGVhZGY0NDcwNzZi
MDc4ZDgwHhcNMjQwMTAyMTAzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGE2MWIyNGJmYzk0MGQ1NDUzNjEzNGMzMzU3MTlmN2QzNDJlODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHQ7gqJcRhlUNLyZPb1v5o/b49ij
LfD6XDRQ5ADkd938InKnk6YUIBHI5o8HzVwFgwGSk7Pyhkoj70kbH+bcA7GSz8GR
vEnaiYYbC5JFfQ0SKEyeUfHhADLX3DW9Ar1c92F3RKPbvmBK7AQxPgqUp4EGr+tt
EcOzuWHsCpMATS/0jSrAp3g23xig7yOvN0js7WbuVpW/7pNEjHdhbnEaXQLYSBuc
QXLEcvkOBFOt5YsRT/eO1LeP0sZDVeZvlG0MwbN7fa+e1jUKAGDVlM4Fov1+Geff
4dHARAXydl9/CPEpKZDXCchZGkeGxCU+jqifrBRCqKOhpDWDya2Xb+4TRQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKCmGyS/yUDVRTYTTDNXGffTQugzMB8GA1UdIwQY
MBaAFOu8DWC9OpC9XjFQnerfRHB2sHjYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMt
YTZiOTU5OTFjZDJjLzEvb0tZYkpMX0pRTlZGTmhOTU0xY1o5OU5DNkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMtYTZiOTU5OTFjZDJj
LzEvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQET4YwAwQB
wSAAAwQBwSAEAwQE1C1AMA0EAgACMAcDBQAqAiZgMA0GCSqGSIb3DQEBCwUAA4IB
AQCGNVnFi4TilylJwCDZZ0a4oB5/MNIqNzCZn2sjiMCInKAjztYrCpx6RlSeMnDk
MYGWjkqTL7a/SnJ+Lz3mQJbWoUIuANgyMvYytqcgiRtHnBzdUIBJY/pv0qAvgSef
ehXPg8yh+O7ZuNgkeC06t7VZa+Qe4+SVTRlraQsE3hFgIU6rV0HpEtmyPlKVmMQn
CwFBT1vl/XpYwLpOGr5ZU9kpo9vRWBAG1dWbtQUTpaEdsdcNQ4G+X6cOsYggAoXc
UxBFkh2EAbIHY9/kqhLN85A9TYfXoeFofaAgqLYLqM4O4kFPiJg4lXG6hiHAEZYB
bA6ZiauEAAjpubgBRAUJIs2c
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:23:31 2024 by rpki-client on console-fra.rpki-client.org